[CDNi] Early AD review of draft-ietf-cdni-metadata-17

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 02 June 2016 10:02 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cdni/pP7-fRM1Kehiv5H_PY7NpxhRdrg>

In order to speed up publication of this draft, I decided to do early AD
review. Here are my comments. My apologies if they are a bit cryptic; if
you are unsure of what I meant, please ask!

In 1.2: content can only be delivered using HTTP/1.1 and not HTTP/1.1
over TLS? Is last para saying that this is an unsolved problem (e.g.
LURK BOF solution is needed)?

In 4.1.2: hostname and IP addresses need to have defined syntaxes (at
least by reference). You also need to say whether IDN domain names are
allowed here.

In 4.1.5: does "case insensitive" only apply to ASCII range? I.e.,
encoded UTF-8 sequences in URIs are not affected.

In 4.2.6: URI needs a Normative Reference (RFC 3986).

In 4.3.7: need a reference to a document/registry defining ASNs.

In 6.1: need a reference to HTTP/1.1 spec.

Should OPTIONS method be allowed?

In 6.2/6.3: Is discovery of the initial URI truly out of scope? You can
define a .well-known URI to allow bootstrapping.
If it is defined, is it likely to be used?

In 7.3: Nit: HTTP/1.1 over TLS needs 2 references, not just one.

In 7.4: I think I am sad that you haven't defined any initial
authentication mechanism. Has this been discussed in the WG?

In 8.1, last para: a requirement to implement mutual authentication is
underspecified. Do you mean TLS mutual authentication? If yes, say so.
If other mechanisms can be used, say so as well.
If you meant to reference 8.5 here, please do so.

Why is this only a SHOULD (and not a MUST)?

In 8.2: similarly, how can the SHOULD be satisfied? Do you mean TLS or
something else? Reference 8.5?

In 8.3: similar issue.

Also encryption doesn't necessarily provide integrity of data, so the
last sentence sounds wrong.

In 8.4: similar issue.
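
The 8.3 comment that encryption does not by itself provide integrity, as an added example that is not part of the original message or of the draft: a toy SHA-256 keystream (a stand-in, not a vetted cipher) decrypts a modified ciphertext without any error, while an HMAC computed over the ciphertext rejects it. The keys, nonce, metadata sample and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the draft).
ENC_KEY = b"k" * 32
MAC_KEY = b"m" * 32
NONCE = b"n" * 12
SAMPLE = b'{"generic-metadata-type":"example","value":1}'

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR stream encryption; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag in constant time before decrypting anything."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return encrypt(enc_key, nonce, ct)

def flip_bit(data: bytes, index: int, bit: int = 0) -> bytes:
    """Model a change made in transit by a party that does not hold the key."""
    return data[:index] + bytes([data[index] ^ (1 << bit)]) + data[index + 1:]

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, SAMPLE)
    altered = flip_bit(ct, 11)
    # Encryption alone: decryption succeeds and yields different metadata.
    silently_changed = encrypt(ENC_KEY, NONCE, altered)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, altered, tag)
        rejected = False
    except ValueError:
        rejected = True  # the MAC detects the modification
    return silently_changed, rejected

if __name__ == "__main__":
    print(demo())
```
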